
List:       oss-security
Subject:    [oss-security] Re: Insecure file upload in Berta CMS
From:       Simon Waters <simon.waters () surevine ! com>
Date:       2015-03-30 11:35:43
Message-ID: 5A4D0468-0D68-487A-86B8-B28B04464F7A () surevine ! com

> On 28 Mar 2015, at 05:47, cve-assign@mitre.org wrote:
> 
> > http://seclists.org/fulldisclosure/2015/Mar/155
> 
> > We found that the file upload didn't require authentication.
> ...
> 
> Use CVE-2015-2780 for this "didn't require authentication" issue.


Thanks


> The ability to bypass image validation by using certain .php files
> that begin with a "GIF89" substring might be considered a bug, but is
> perhaps not a security bug.

Your analysis is similar to mine, and private correspondence with the developer.

I've added a comment to PHP docs for getimagesize to remind folks it doesn't validate images; I don't think this is a bug.

It might be a useful feature for PHP to have a simple file upload validation (ImageMagick has one), but there is no guarantee that valid files won't be misinterpreted as malicious if you can get them interpreted in an inappropriate context.
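
Added example, not part of the original message and not Berta CMS code: an upload handler that treats getimagesize() only as a type hint and lets the server, not the client, choose the stored name and extension, so a file that merely starts with "GIF89" is never stored as .php. The function name, paths and sample bytes are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not Berta CMS code; all names and paths are hypothetical.

// Server-side allowlist: detected image type => extension the server assigns.
const ALLOWED_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

/**
 * Store an upload under a server-generated name and return the new path.
 * getimagesize() reads only header fields, so its answer is used to pick
 * the extension and nothing more; it says nothing about the rest of the file.
 */
function store_image(string $srcPath, string $clientName, string $destDir): string
{
    $info = @getimagesize($srcPath);
    $ext  = $info === false ? null : (ALLOWED_TYPES[$info[2]] ?? null);
    if ($ext === null) {
        throw new RuntimeException('rejected upload: ' . basename($clientName));
    }
    // The client-supplied name (and its extension) never reaches the filesystem.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // copy() keeps the demo runnable; real $_FILES input goes through move_uploaded_file().
    if (!copy($srcPath, $dest)) {
        throw new RuntimeException('could not store upload');
    }
    chmod($dest, 0640); // no execute bit on stored uploads
    return $dest;
}

// Constructed sample: GIF signature and header bytes followed by non-image text.
$sample = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($sample, "GIF89a\x01\x00\x01\x00\x00\x00\x00" . str_repeat('not pixel data ', 4));

$destDir = sys_get_temp_dir() . '/upload-demo';
if (!is_dir($destDir)) {
    mkdir($destDir, 0750, true);
}

// The header check alone accepts the sample; the stored name is what limits the context.
echo 'getimagesize() accepted sample: ', var_export(@getimagesize($sample) !== false, true), "\n";
echo 'client name "avatar.php" stored as: ', basename(store_image($sample, 'avatar.php', $destDir)), "\n";
unlink($sample);
```

The destination directory is assumed to be one the web server serves as static files only, which addresses the "inappropriate context" concern in the message above.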

